DETAILED ACTION

1. Claims 1, 7-9, 15-16 are presented for examination. 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1, 7, 9 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over Singh
et al., US Patent Number 5,758,083, hereinafter Singh, in view of Lee et al., "An
expanded NAT with server connection ability", TENCON 99, Proceedings of the IEEE
Region 10 Conference, hereinafter Lee, and in further view of Rowe et al., US Patent
Number 6,466,941, hereinafter Rowe.

4. Referring to claim 1, Singh has taught a computer network comprising: 

a first edge device (Col 22 line 1, first network manager), coupled to a first
physical private network (Col 22 line 1, private network is a network), the first edge
device configured to create a first table with information of member networks reachable
through the first edge device (Col 22 lines 5-7), the first table being stored in a first 
database (Col 22 line 6, the first table must exist, since a table in a database is just blocks 
of memory being occupied, and the information being stored in the database must occupy 
some blocks of memory, which could be viewed as a table); 

a second edge device (Col 22 lines 2, second network manager), coupled to a
second physical private network (Col 22 lines 2-3, private network is a network), the 
second edge device configured to create a second table with information of member 
networks reachable through the second edge device (Col 22 lines 7-9), the second table 
being stored in a second database (Col 22 lines 7-9); 

wherein, the first and second edge devices enable secure communication between 
the first and second private networks (Col 8 lines 31-35), and the first edge device shares 
the information of the member networks of the first table with the second edge device 
and the second edge device shares the information of the member networks of the second 
table with the first edge device (Col 22 lines 1-11) 

wherein communication between the first and second physical private networks is 
managed according to a security policy associated with the first and second physical 
private networks (Col 8 lines 31-35), wherein the security policy is defined for a security 
policy group (Col 8 lines 31-35, distributed network managers is viewed as a security 
group), comprising one or more networks (Col 22 lines 1-3, first network and second 
network are the member networks since they could communicate to each other), and a 
rule controlling access to the member networks (Col 2 lines 15-17, Col 9 lines 61- Col 10 
lines 3.) 

Singh has not explicitly taught wherein the member networks include a group of 
one or more virtual private networks. 

However, Lee has taught two edge devices (see page 1393 figure 7, NAT routers) 
connecting to a group of one or more VPNs (page 1393 Col 1, lines 16-18 states if two or 
more inter-private network connections using NAT are available, running VPN will also
be available. Also see the abstract) 

It would have been obvious to a person with ordinary skill in the art at the time
the invention was made to incorporate the two databases of Singh in Lee such that the
member networks include a group of one or more virtual private networks, because
both Singh and Lee teach communications between two edge devices in an
inter-networking environment. Singh contains an authorization list containing information
indicating that receiving machines are authorized to receive the information (Col 2 lines 15-17),
and Lee discloses that a VPN connection table contains virtual IP headers to allow
connections (page 1393, Col 1 bottom - Col 2 Top). They are similar in terms of their
functionality.

A person with ordinary skill in the art would have been motivated to make the
modification to Singh because having the VPN connection tables would allow Singh's
system to authorize receiving devices by their virtual IP. Doing so would make the
management of the network very easy and would also offer VPN with ease, as taught by Lee
(page 1393, Col 2, conclusion section.)

Furthermore, Singh in view of Lee has not taught that the security group provides a
hierarchical organization of groups and users allowed to access the system.

However, Rowe has taught a content management tool that provides a hierarchical 
arrangement of data tables (Col 20 lines 39-42) and allowed users to access the system 
(Col 21 lines 7-13.) 

It would have been obvious to a person with ordinary skill in the art at the time
the invention was made to modify the teaching of Singh such that the security
group provides a hierarchical organization of groups and users allowed to access the
member networks, because both Singh and Rowe have taught inventions regarding
network database management, and Rowe provides a method of organizing the network
database (see title).

A person with ordinary skill in the art would have been motivated to make the
modification to Singh because a hierarchical arrangement is one of the various
ways to organize the context of a system. Rowe provides the hierarchical arrangement to allow users to
have a better visualization of the organized data, which allows users to locate the
information faster and easier. Therefore it would be obvious for Singh to use the
hierarchical arrangement in Singh's system to provide the users an easy and fast way of
locating information. Also, Rowe has taught the limitation of users allowed to access the
database. It is a well known feature to have only the authorized users be able to
access the system in order to provide security to the system; therefore, it would also
be obvious for Singh to have users allowed to access the member networks in his
invention.

5. Referring to claim 7, Singh as modified has further taught wherein each of the one or 
more virtual private networks has full connectivity with all other virtual networks (Col 22 
lines 1-12, first network and second network has full connectivity with each other) and 
the security policy defined for the security group is automatically configured for each 
connection (Col 17 lines 10-15). 

6. Referring to claim 9, Singh has taught in a computer network (figures 1 and 2), including
a first edge device (Col 22 line 1, first network manager), coupled to a first physical
private network (Col 22 line 1, private network is a network) and a second edge device 
(Col 22 lines 2, second network manager), coupled to a second physical private network 
(Col 22 lines 2-3, private network is a network), the first and second edge devices 
enabling secure communication between the first and second physical private networks 
(Col 8 lines 31-35), a method for gathering network membership information comprising: 

a. defining a security policy for a security policy group (Col 8 lines 31-35, 
distributed network managers is viewed as a security group), and a rule 
controlling access to the member networks (Col 2 lines 15-17, Col 9 lines 61- Col 
10 lines 3.) 

b. creating a first table with information of a group of one or more networks
reachable through the first edge device (Col 22 lines 5-7);

c. storing the first table in the first database (Col 22 line 6); 

d. creating a second table with information of a group of one or more networks
reachable through the second edge device (Col 22 lines 7-9);

e. storing the second table in the second database (Col 22 line 6); 

f. sharing the information of the group of one or more networks of the first table
with the second edge device (Col 22 lines 1-11); and

g. sharing the information of the group of one or more networks of the second table
with the first edge device (Col 22 lines 1-11);

h. wherein communication between the first and second physical private networks is
managed according to a security policy associated with the first and second 
physical private networks (Col 8 lines 31-35.) 

Singh has not explicitly taught wherein the member networks include a group of 
one or more virtual private networks. 

However, Lee has taught two edge devices (see page 1393 figure 7, NAT routers) 
connecting to a group of one or more VPNs (page 1393 Col 1, lines 16-18 states if two or 
more inter-private network connections using NAT are available, running VPN will also 
be available. Also see the abstract) 

It would have been obvious to a person with ordinary skill in the art at the time
the invention was made to incorporate the two databases of Singh in Lee such that the
member networks include a group of one or more virtual private networks, because
both Singh and Lee teach communications between two edge devices in an
inter-networking environment. Singh contains an authorization list containing information
indicating that receiving machines are authorized to receive the information (Col 2 lines 15-17),
and Lee discloses that a VPN connection table contains virtual IP headers to allow
connections (page 1393, Col 1 bottom - Col 2 Top). They are similar in terms of their
functionality.

A person with ordinary skill in the art would have been motivated to make the
modification to Singh because having the VPN connection tables would allow Singh's
system to authorize receiving devices by their virtual IP. Doing so would make the
management of the network very easy and would also offer VPN with ease, as taught by Lee
(page 1393, Col 2, conclusion section.)

Furthermore, Singh in view of Lee has not taught that the security group provides a
hierarchical organization of groups and users allowed to access the system.

However, Rowe has taught a content management tool that provides a hierarchical 
arrangement of data tables (Col 20 lines 39-42) and allowed users to access the system 
(Col 21 lines 7-13.) 

It would have been obvious to a person with ordinary skill in the art at the time
the invention was made to modify the teaching of Singh such that the security
group provides a hierarchical organization of groups and users allowed to access the
member networks, because both Singh and Rowe have taught inventions regarding
network database management, and Rowe provides a method of organizing the network
database (see title).

A person with ordinary skill in the art would have been motivated to make the
modification to Singh because a hierarchical arrangement is one of the various
ways to organize the context of a system. Rowe provides the hierarchical arrangement to allow users to
have a better visualization of the organized data, which allows users to locate the
information faster and easier. Therefore it would be obvious for Singh to use the
hierarchical arrangement in Singh's system to provide the users an easy and fast way of
locating information. Also, Rowe has taught the limitation of users allowed to access the
database. It is a well known feature to have only the authorized users be able to
access the system in order to provide security to the system; therefore, it would also
be obvious for Singh to have users allowed to access the member networks in his
invention.

7. Referring to claim 15, claim 15 encompasses the same scope of the invention as that of 
the claim 7. Therefore, claim 15 is rejected for the same reason as the claim 7. 

8. Claims 8 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Singh, in
view of Lee and Rowe, in further view of Martino Jr. et al., US Patent Number
5,029,206, hereinafter Martino.

9. Referring to claim 8, Singh as modified has taught the invention as described in claim 6.
Singh as modified has not taught wherein the security policy provides encryption of 
traffic among the one or more virtual private networks and the rule is a firewall rule 
providing access control of the encrypted traffic among the one or more virtual private 
networks. 

However, Martino has taught encryption of traffic among networks, and rules 
providing access control of the encrypted traffic among the networks (Col 4 lines 27-38.) 

It would have been obvious to a person with ordinary skill in the art at the time
the invention was made to modify the teaching of Singh in view of Rowe such that
the security policy provides encryption of traffic among the member networks and
the rule is a firewall rule providing access control of the encrypted traffic among the
member networks.

A person with ordinary skill in the art would have been motivated to make the
modification to Singh in view of Rowe because having encrypted traffic between
member networks and rules providing access control would enhance the network security
as taught by Martino.

10. Referring to claim 16, claim 16 encompasses the same scope of the invention as that of 
the claim 8. Therefore, claim 16 is rejected for the same reason as the claim 8. 



Response to Arguments 

11. Applicant's arguments filed 07/02/2004, have been fully considered but they are not 
persuasive. 

12. In the remarks, applicant argues in substance:

a. That: Examiner's reliance on Rowe is misplaced because Rowe merely discloses 
the organization of information, but not the organizational relationship between 
virtual private networks within a security policy group 

This is found not persuasive because Singh in view of Lee teaches that the
system includes virtual private networks within a security policy group. Rowe
teaches a content management tool that provides a hierarchical arrangement of
data tables (Col 20 lines 39-42) and allowed users to access the system (Col 21
lines 7-13). It is the combination of Singh in view of Lee and Rowe that
teaches the claim limitation, not Rowe alone. Therefore applicant's argument is
not persuasive. Rowe provides a hierarchical arrangement of data tables in a
database, which is providing a method (hierarchical arrangement) to arrange a
system or organization. And the examiner is motivated to provide this method to
the organization of Singh in view of Lee, because it allows users to locate the
information faster and easier.

Application/Control Number: 09/592,079
Art Unit: 2155

Conclusion 

13. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the mailing date of this final action. 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Liang-che Alex Wang whose telephone number is (703) 
305-8159. The examiner can normally be reached on Monday thru Friday, 8:30 am to 
5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hosain T Alam can be reached on (703)308-6662. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Liang-che Alex Wang
July 27, 2004 